Cloud Solution Design - Replatform to Amazon Web Services (AWS)
This whitepaper introduces a solution design for replatforming a two-tier application onto Amazon Web Services (AWS), Amazon's cloud computing platform.
DISCOVERY
Why move to the cloud
- Financial reasons
o Reduce expenses
o Improve operations
o Enhance outcomes
- Improve overall ROI
- Meet competitive challenges
PRESENTING A SOLUTION
Current Architecture
2-tier solution:
- Web tier
- Database tier
Access
- Web tier: reachable by customers on the web ports
- Database tier: reachable only from the web tier on the database ports
Nightly database backups to tape
Proposed Solutions
Amazon Web Services (AWS)
Replatform
To-Be Cloud Architecture
- Web tier (web proxy) - accepts web traffic from the Internet
- App tier (app server) - accepts app traffic only from the web tier
- DB tier (Amazon RDS) - accepts database traffic only from the app tier
- Bastion hosts - management traffic only; small instance type
- AWS Identity and Access Management (IAM) – least privilege
- Security
o Only the web hosts in a public subnet
o Security groups (stateful, per-instance allow lists)
  Web proxy - only allow Internet traffic on 80/443
  App hosts - only allow the web proxy security group on the app port
  Amazon Relational Database Service (Amazon RDS) - only allow the app host security group on 3306 (the MySQL default port)
  Bastion hosts - only allow management traffic from administrator addresses; managed with Amazon EC2 Systems Manager (now AWS Systems Manager)
o Network Access Control Lists (NACLs) - stateless subnet-level rules as an additional layer
o Amazon Simple Storage Service (Amazon S3) buckets with restrictive bucket policies, server-side encryption and access logging enabled
o AWS Identity and Access Management (IAM) policies configured along the principles of least privilege
o Monitoring and logging
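The security-group layering above is easy to state and easy to drift from. As an added example (not code from the AWS paper), the following Python check takes security groups in the shape returned by boto3's ec2.describe_security_groups()["SecurityGroups"] and verifies that each tier admits exactly the sources and ports the design allows: Internet on 80/443 to the web proxy, the web proxy's group on the app port, the app group on 3306, and an administrator CIDR on 22 to the bastion. The group IDs, the app port 8080 and the administrator range 203.0.113.0/24 are constructed assumptions, as is the misconfigured variant used to show what a finding looks like.

```python
"""Verify that a set of EC2 security groups implements the tiered
allow-list of the proposed architecture (added example; the groups,
ports and CIDRs below are constructed, not real AWS resources)."""
import copy

# Constructed sample in the shape of describe_security_groups() output.
SAMPLE_SGS = [
    {"GroupId": "sg-web", "GroupName": "web-proxy",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
     ]},
    {"GroupId": "sg-app", "GroupName": "app-server",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
          "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web"}]},
     ]},
    {"GroupId": "sg-db", "GroupName": "rds-mysql",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
          "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-app"}]},
     ]},
    {"GroupId": "sg-bastion", "GroupName": "bastion",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
     ]},
]

# Expected ingress per group: (allowed ports, allowed CIDRs, allowed source SGs).
# Assumed app port 8080 and assumed admin range 203.0.113.0/24.
POLICY = {
    "sg-web":     ({80, 443}, {"0.0.0.0/0"}, set()),
    "sg-app":     ({8080},    set(),          {"sg-web"}),
    "sg-db":      ({3306},    set(),          {"sg-app"}),
    "sg-bastion": ({22},      {"203.0.113.0/24"}, set()),
}

# Constructed misconfiguration: the database opened to the world and SSH
# added to the web proxy "temporarily".
BAD_SGS = copy.deepcopy(SAMPLE_SGS)
BAD_SGS[2]["IpPermissions"].append(
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []})
BAD_SGS[0]["IpPermissions"].append(
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []})


def _ports(perm):
    """Set of ports one IpPermissions entry opens. IpProtocol "-1" (all
    traffic) has no port fields and is reported as the marker 'all'."""
    if perm.get("IpProtocol") == "-1" or perm.get("FromPort") is None:
        return {"all"}
    return set(range(perm["FromPort"], perm["ToPort"] + 1))


def check_security_groups(sgs, policy=POLICY):
    """Return findings (strings) for any ingress outside the policy; an
    empty list means every group admits only its intended sources/ports."""
    findings = []
    by_id = {sg["GroupId"]: sg for sg in sgs}
    for gid, (ok_ports, ok_cidrs, ok_sgs) in policy.items():
        sg = by_id.get(gid)
        if sg is None:
            findings.append(f"{gid}: group missing")
            continue
        for perm in sg.get("IpPermissions", []):
            bad_ports = _ports(perm) - ok_ports
            if bad_ports:
                desc = ("all ports" if "all" in bad_ports
                        else ",".join(map(str, sorted(bad_ports))))
                findings.append(f"{gid}: ingress on unexpected port(s) {desc}")
            for rng in perm.get("IpRanges", []):
                if rng["CidrIp"] not in ok_cidrs:
                    findings.append(f"{gid}: unexpected CIDR source {rng['CidrIp']}")
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] not in ok_sgs:
                    findings.append(f"{gid}: unexpected SG source {pair['GroupId']}")
    return findings


if __name__ == "__main__":
    print("good layout:", check_security_groups(SAMPLE_SGS))
    print("bad layout: ", check_security_groups(BAD_SGS))
```

Against a live account the same function runs on boto3.client("ec2").describe_security_groups()["SecurityGroups"] with the real group IDs substituted into POLICY. The check only covers ingress and only security groups; it does not replace the NACLs on the subnets, which stay as the second, stateless layer.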
DELIVERING A PROOF OF CONCEPT (POC)
Evaluate the solution in the customer's environment
Start with the AWS Free Tier: https://aws.amazon.com/free/
IMPLEMENTING SOLUTION
Production Solution Implementation
KEY TAKEAWAYS
The Six R’s
• Rehost
Tools: AWS VM Import/Export
• Replatform
- Migrating databases to Amazon RDS
- Migrating applications to Amazon Elastic Beanstalk
• Refactor
Using cloud-native features
• Retire
Shutting off applications that are no longer useful
Reducing spend, management overhead, and attack surface
• Retain/Revisit
Keeping certain applications on-premises
• Repurchase
Moving workflows to software as a service (SaaS)
Cloud Architecture Best Practices
- Design for failure and nothing will fail
o Avoid single points of failure
o Multiple instances
o Multiple Availability Zones
o Separate a single server into a multi-tier application
o For Amazon RDS, use the Multi-AZ feature
- Build security in every layer
o Encrypt Data at rest and in transit
o Enforce principle of least privilege in IAM
o Implement both Security Groups and Network Access Control Lists (NACL)
o Consider advanced security features and services
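The "least privilege in IAM" point appears twice on this page (in the to-be architecture and again here) without showing what a scoped policy looks like next to the broad one it replaces. The following Python block, an added example rather than anything from the AWS paper, builds both policy documents for an app-tier instance role and runs a small lint that flags wildcard actions, wildcard resources and the NotAction/NotResource forms that grant more than intended. The account ID, region, bucket name and table name are constructed placeholders.

```python
"""Least-privilege IAM policy for the app tier beside an over-broad one,
plus a lint for the usual over-grants (added example; the account,
region, bucket and table names are constructed placeholders)."""
import json

ACCOUNT = "123456789012"          # assumed account ID
REGION = "us-east-1"              # assumed region
BUCKET = "example-static-assets"  # assumed S3 bucket for static assets
TABLE = "example-sessions"        # assumed DynamoDB session-state table

# What tends to ship when a deployment is being debugged: full S3 and
# DynamoDB rights on every resource in the account.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"},
    ],
}

# Least-privilege replacement: only the calls the app makes, only on the
# bucket and table it owns.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadStaticAssets", "Effect": "Allow",
         "Action": ["s3:GetObject"],
         "Resource": f"arn:aws:s3:::{BUCKET}/*"},
        {"Sid": "ListStaticAssets", "Effect": "Allow",
         "Action": ["s3:ListBucket"],
         "Resource": f"arn:aws:s3:::{BUCKET}"},
        {"Sid": "SessionTable", "Effect": "Allow",
         "Action": ["dynamodb:GetItem", "dynamodb:PutItem",
                    "dynamodb:UpdateItem", "dynamodb:DeleteItem"],
         "Resource": f"arn:aws:dynamodb:{REGION}:{ACCOUNT}:table/{TABLE}"},
    ],
}


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to list."""
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return findings for Allow statements that use a wildcard action
    ('*' or 'service:*'), a wildcard resource, or NotAction/NotResource."""
    findings = []
    for i, st in enumerate(_as_list(policy["Statement"])):
        if st.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = st.get("Sid", f"stmt{i}")
        for act in _as_list(st.get("Action", [])):
            if act == "*" or act.endswith(":*"):
                findings.append(f"{sid}: wildcard action {act}")
        for res in _as_list(st.get("Resource", [])):
            if res == "*":
                findings.append(f"{sid}: wildcard resource")
        for key in ("NotAction", "NotResource"):
            if key in st:
                findings.append(f"{sid}: uses {key} (inverted match, usually too broad)")
    return findings


def policy_json(policy):
    """Serialise a policy as the document passed to `aws iam create-policy`."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    print("broad: ", lint_policy(BROAD_POLICY))
    print("scoped:", lint_policy(SCOPED_POLICY))
    print(policy_json(SCOPED_POLICY))
```

Write policy_json(SCOPED_POLICY) to a file and attach it with `aws iam create-policy --policy-name app-tier --policy-document file://policy.json`, then bind the policy to the instance profile of the app tier rather than to any user. The lint is deliberately strict: a service-level wildcard such as s3:* is flagged even when the resource is scoped, because it still grants delete and policy-change actions the application never calls.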
- Leverage different storage options
o Move static web assets to Amazon S3
o Use Amazon CloudFront to serve globally
o Store session state in DynamoDB
o Use ElastiCache between hosts and databases
- Implement elasticity
o Implement Auto Scaling policies
o Architect resiliency to reboot and relaunch
o Leverage managed services like Amazon S3 and Amazon DynamoDB
- Think parallel
o Scale horizontally, not vertically
o Decouple compute from session/state
o Use Elastic Load Balancing
o Right-size your infrastructure
- Loose coupling sets you free
o Instead of a single, ordered workflow, use multiple queues
o Use Amazon Simple Queue Service (SQS) and Simple Notification Service (SNS)
o Leverage existing services
- Don’t fear constraints
o Rethink traditional constraints
o Need more RAM?
o Need better IOPS for the database?
o How to respond to failure?
Source: AWS